Enterasys Networks 9034385 Plumbing Product User Manual


 
Enterasys NAC Design Guide 3-13
5. Remediation - When the quarantined end user opens a web browser to any web site, its traffic is dynamically redirected to a Remediation web page that describes the compliance violations and provides remediation steps for the user to execute in order to achieve compliance. After taking the appropriate remediation steps, the end user clicks on a button on the web page to reattempt network access, forcing the re-assessment of the end-system. At this point, the Enterasys NAC solution transitions the end-system through the entire NAC cycle, reassessing the security posture of the end-system to determine if the remediation techniques were successfully followed. If the end-system is now compliant with network security policy, the NAC Controller authorizes the end-system with the appropriate access policy. If the end-system is not compliant, the end-system's access to the network is restricted by assigning a policy to the end-system on the NAC Controller, and the process starts again.

Summary
The decision whether to deploy inline or out-of-band network access control depends on the infrastructure devices deployed in your network. For some network topologies, inline NAC utilizing the NAC Controller appliance may be required, while for other network configurations, out-of-band NAC utilizing the NAC Gateway appliance may be used.

The following table summarizes four NAC use scenarios and their NAC appliance requirements. The Enterasys NAC solution is capable of implementing network access control for all four use scenarios as well as environments with mixed use scenarios that may require the concurrent deployment of inline and out-of-band NAC.

Table 3-1 Use Scenario Summaries

| Use Scenario | Summary and Appliance Requirements |
|---|---|
| Scenario 1: Intelligent wired access edge | Summary: Intelligent edge switches in the network access layer provide authentication and authorization for connecting end-systems. Appliance Requirement: NAC Gateway. The NAC Gateway appliance provides out-of-band network access control by leveraging the intelligent edge switches as the authorization point for connecting end-systems. |
| Scenario 2: Intelligent wireless access edge | Summary: Thick Access Points (APs), or wireless switches with thin APs, provide authentication and authorization for connecting end-systems. Appliance Requirement: NAC Gateway. The NAC Gateway appliance provides out-of-band network access control by leveraging the intelligent wireless infrastructure devices as the authorization point for connecting end-systems. |
| Scenario 3: Non-intelligent access edge (wired and wireless) | Summary: Non-intelligent edge switches in the network access layer are not capable of providing authentication and authorization for connecting end-systems. Appliance Requirement: NAC Controller. Inline network access control is implemented by positioning the NAC Controller appliance at a strategic point in the network topology as the authorization point for end-system traffic. |